Gradually then suddenly. Kinda like Y2K, except there's no hard deadline and the scope of the "bug" is impossible to know until an actual threat emerges.

There's zero reason for 99% of people to worry tho. Unless you're a software maintainer... then you should at least educate yourself about the quantum resistant algorithms that already exist and consider how you could implement them to replace any quantum-vulnerable code in your stack.

Too early for action. Premature optimization has potential to be a bigger problem than being "late" to react to a real quantum threat.

Imagine if everyone rushed to become "quantum safe" this year... it would be a huge effort to educate, rewrite, and deploy code that is "in theory" resistant to a not-yet-existant threat. It could lead to a false sense of safety considering that quantum computers could evolve to attack in ways we have not accounted for yet.

By the way, Bitcoin does not use encryption... it only uses asymmetric key signatures, and hashes. Other "layers" may use encryption, but the base protocol has no encryption/decryption. If SHA256 or Schnorr is broken by quantum, it could still cause chaos on BTC, but its an important nuance that often gets conflated.

The quantum fud people are suspiciously quiet when you mention that every computer has a hardware backdoor in the form of ME/PSP, EC, or other black box controller with full access to memory

Why are the people loudest about breaking encryption quiet on the fact there's no open source hardware to actually keep what you encrypt encrypted?

Yes

who knows, but the chaincode paper on quantum resistance was interesting and I think they are folks who don't have an incentive to make the problem seem bigger than it is.